Redirect clients in your application with HttpRedirection module


In a web application, it’s often necessary to redirect clients requesting one url to another url.  Here are some reasons why your application may need to do it:

·         A part of your site should only be accessed over HTTPS to protect private data, so you want to redirect requests made over HTTP to same urls with HTTPS.

·         You want to make sure that everyone accesses your blog as, and not for better search engine rankings.

·         The structure of your application changed – your product pages used to be in the “/catalog” subdirectory but now they are in the “/products” subdirectory.

In these and many more cases, you will need to redirect clients making requests to some urls in your site that match a particular rule to other urls.  In general, there are server different ways that you can do redirection on a web server:

1.       Http Redirection.  The web server tells the client that the content the client is looking for is located at a different address, and the client automatically (most of the time) requests the redirected address.

2.       Server-side rewriting.  The web server changes the url being requested internally, so that the new resource is processed and returned in response to the original url, without telling the client.

The main difference being that with redirection, the client is aware of the change in url and makes a separate request to the new url, and with rewriting the client is oblivious to the change.

This makes redirection more suitable for when you want the client to see the new url, and possibly remember/bookmark it.  Redirection is also the only option whenever the redirected url does not reside in your site or even on your server (there is a third option, called forwarding / proxying, that allows rewrites to other servers to be done internally – more on that in a later post).

Server-side rewriting is better if the rewrite is for internal purposes only – for example, you expose SEF (search engine friendly) urls to your clients, but internally you need to rewrite to an ASP.NET or PHP script to provide the processing for the request.  Server-side rewriting is often also faster because there is no need to tell the client about the rewrite, and then have the client make a second request.  Rewriting can also be trickier on the server, because it’s a lot more sensitive to when the rewrite is made during the processing of the request.   If it’s not made at the right time, certain processing stages have already took place for the old url, and you may see undesired results.

Doing redirection with the HttpRedirection module

A while ago, I wrote a module to do basic http redirection for an ASP.NET application.  The HttpRedirection module allows you to configure regular expression-based rules that redirect clients from url A to url B using http redirection.  You can also inject useful variables into the match and redirection url expressions, control the type of redirects that are performed (temporary vs. permanent), and in what stage of request processing they are performed.

Here are some examples of the things you can do:

<!– Redirect all HTTP requests to application to HTTPS –>

<addname=SSLRedirecturlPart=EntireUrlmatchUrl=^http://(.+)redirectUrl=https://$1 />

<!– Redirect to a localized version of the app –>

<addname=LocalizedApplicationurlPart=PathAndQuerymatchUrl=^{AppPath}/content/(.+)redirectUrl={AppPath}/content/{Culture}/$1 />


<!– Redirect to the same url, placing the Referer http header in the querystring –>

<addname=PlaceRefererInQueryString_NoQueryurlPart=PathAndQuerymatchUrl=^{Path}$redirectUrl={Path}?referrer={SV:HTTP_REFERER} />

<addname=PlaceRefererInQueryString_WithQueryurlPart=PathAndQuerymatchUrl=^{Path}?((?!referrer).*)$redirectUrl={Path}?referrer={SV:HTTP_REFERER}&amp;$1 />

I was looking for an image that I could use for this post, and found this (apparently my LeechGuard module is not being used to prevent hot-linking on that website :)) and found this – I think it says it all:


You are being redirected with HttpRedirection module :)

Read more about the module, download it and the associated source code here.

The module is supported both for legacy ASP.NET applications on IIS5+, but can also be used to do redirection for all resource types using IIS6 / ASP.NET 2.0 wildcard mapping support, or the IIS7 integrated pipeline.

That’s it.  Let me know if you are using it, and if you have any questions / suggestions / complaints by leaving comments.   I’ll be covering server-side rewriting and its complexities in a future post.




  1. Anonymous

    In a web application, it’s often necessary to redirect clients requesting one url to another url. A while

  2. Anonymous

    In a web application, it’s often necessary to redirect clients requesting one url to another url. A while

  3. Mike Volodarsky

    Rajiv, Nice catch!

    The regular expression in the referrer example was a bit off, causing a loop (regardless of browser).

    Unless you are a regular expression master, this is pretty common – a good way to detect and break these loops is to set the "appendOriginalUrl" to true, which causes the redirect to keep track of the number of redirects and break the loops when they exceed the "maxRedirects" number – 3 by default. Very useful when testing.

    I fixed the regular expression and updated the sample app.



  4. Anonymous

    Well this week was a nice rest, most of it spent relaxing with my wife. So it was a non-coding week but

  5. Anonymous

    this is just for ASP.NET right? I’m just thinking if IIS 7 will have something like APACHE’s got “mod_rewrite”. Now on IIS 6 I need ISAPI_REWRITE modul for PHP. It would be nice to have something like this integrated.

  6. Anonymous

    So I’m trying to get ASP working under IIS7 and want to eliminate ISAPI Rewrite for server-side rewriting. How to do this for ASP on IIS7?

  7. Mike Volodarsky


    You can write a simple ASP.NET module that runs for all requests, and does the rewriting you want. Then you can place this module in your application, so there is no need to install anything on the server …

    I’ll cover rewriting in IIS7 in a future post in more detail …



  8. Anonymous

    Mind my IIS ignorance, but I can’t figure out how to actually use this. When you say use the sample app, where do I add that to an existing web site being served with IIS?

  9. Anonymous

    << I'll cover rewriting in IIS7 in a future post in more detail >>

    Well, Im looking forward to that. Like as Johny said; Im just wondering if IIS7 will have something like Apache’s mod_rewrite feature?

  10. Anonymous

    I want a user to login to my C++ application (which autheticates him) Then he can click a button and be redirected to another remote site. Can I do an invisble login for the user into the remote site (windows standard authentication) – I do not want the user to know the username/password for the login.

    I noticed in the HttpRedirection above has a field for Postauthenticate.

  11. Mike Volodarsky


    PostAuthenticate allows the user to be redirected only after he/she succesfully authenticates against the original URL. Depending on the authentication scheme, the browser may keep the authentication result in reuse it for the redirected URL. Windows Authentication will stay in effect if the browser makes the subsequent request on the same connection. So, if the url is in the same site, this should work. Basic authentication should stay if the new URL is under the old URL. Forms Authentication will stay if the URL is in the same ASP.NET application.

    If the new URL is on another site, or server, most likely you will need to re-authenticate. Another option you have is implementing a single-signon scheme where your original site produces an authentication token and injects it in the redirected URL, and the second site can authenticate the user based on that token.

    Hopefully this answers your question.



  12. Anonymous

    I don’t know why, but in IIS7 when I’m using rewriting the RawUrl from HttpContext… return original url not rewritten url. In II6, IIS5 it returns rewritten url.

  13. Anonymous

    I have had my URL to my e-mail account at redirected to another site. That site is blocked by my spyware provider. Result I cannot get to my e-mail account. Where would I look for that redirection program? How do I get rid of it?
    I think I have removed the carrier that brought the function in, antivirus2008XP, but I still cannot be certain I got all of it.

  14. Anonymous

    If all i need is to redirect request from say* to*, preserving exact same urls that were requested on iis6, what is the best way to do it, without doing too much work. Looks like by modifying your sample config, it could be done using your module. I am so confused reading all the different posts on the net. Thanks in advance

  15. xtnerb

    i can’t seem to compile the sample code. it says Error 1 The command “echo
    copy *.dll ……wwwrootbin
    copy *.pdb ……wwwrootbin
    ” exited with code 1. HttpRedirection

    Could you help me out on this thing. Thanks.

    Best Regards

  16. Anonymous

    Dear Mike,
    I’m really interested in the server-side rewriting that you mentioned in this article. Can you give us more info/detail about this approach?

    Would it work (and would it make sense to architect the solution like this) where I want to decompose my single, large, complex single tenant application into various “domain services/applications”, mounted as, or, or These application services are then invoked from a multi-tenant application, like, or, even, or, but both hosts are actually using the same instances of the application services?

    A property of these “domain services” are that they can even respond with the properly formated HTML to AJAX requests, thus spreading the business load and UI rendering to multiple applications.

    I’ve setup a working prototype of this scenario, but as you know, cross site requests are hindering me getting a formatted list of orders via AJAX from, if the host is

    How can I expose (and should I) as and make the client think it’s local to the domain?

    Any comments will be greatly appreciated!

    Kind regards,

  17. Anonymous

    i can’t seem to compile the sample code. it says Error 1 The command “echo

    copy *.dll ……wwwrootbin

    copy *.pdb ……wwwrootbin

    ” exited with code 1. HttpRedirection

    Could you help me out on this thing. Thanks.

    Best Reggards ????

  18. anil

    What is URLREDIRECTION and How can i implement this concept in my ASP.NET?

    suppose my url is I want to display “Ename” in database that corresponding Empno=1 in my ASP.NET webpage?
    plz give me simple example

    I don”t no the concepts I am new to this concept

Leave a Reply

Your email address will not be published. Required fields are marked *